Hello,
I have a self-hosted Gitea instance that works perfectly, and thank you for your work!
Until now, I was only using Gitea for code repositories, a few CI/CD for sanity checks, linting, etc.
I set up a CI/CD for OCI/Docker image builds. Package creation and pushing work fine, but when I want to use the built image in an action workflow, I get an error.
Action workflow error
Here is the error I get when setting up the job:
0d888c570ee0(version:v0.2.12) received task 821 of job release, be triggered by event: push
workflow prepared
evaluating expression 'success()'
expression 'success()' evaluated to 'true'
🚀 Start image=my.domain.com/repo/docker-images:ubuntu-20.04-act
🐳 docker pull image=my.domain.com/repo/docker-images:ubuntu-20.04-act platform= username= forcePull=true
🐳 docker pull my.domain.com/repo/docker-images:ubuntu-20.04-act
pulling image 'my.domain.com/repo/docker-images:ubuntu-20.04-act' ()
Error response from daemon: unauthorized: reqPackageAccess
Workflow
Here is the action.yaml test file:
name: release
on:
  push:
    branches:
      - main
jobs:
  release:
    runs-on: ubuntu-20.04-act
    strategy:
      matrix:
        python-version: ['3.9']
    concurrency:
      group: ${{ github.workflow }}-release-${{ github.ref_name }}
      cancel-in-progress: false
Important note
If I log in to another host and do a docker pull of the image:
docker pull my.domain.com/repo/docker-images:ubuntu-20.04-act
It asks me for my credentials and I can pull the image.
Act Runner
config.yaml is well set and I can see from "Runners Management" that the OCI (labels) are registered.
labels:
  - "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
  - "ubuntu-latest-slim:docker://node:20-bookworm-slim"
  - "ubuntu-20.04-act:docker://my.domain.com/repo/docker-images:ubuntu-20.04-act"
Reverse proxy
A few releases ago, I noticed an issue related to the reverse proxy and the /v2 route. I corrected it following the docs. (I'm putting it here just in case.)
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gitea.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 512M;
    location / {
        include /config/nginx/resolver.conf;
        set $upstream_app 172.18.37.145;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        # other common HTTP headers, see the "Nginx" config section above
        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Credentials
On the credentials side, the user can read and write packages and use a token in CI/CD.
Docker compose stack
---
services:
  server:
    image: gitea/gitea:1.24.5
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=db:3306
      - GITEA__database__NAME=${DB_NAME}
      - GITEA__database__USER=${DB_USER}
      - GITEA__database__PASSWD=${DB_PASSWORD}
    restart: always
    volumes:
      - /mnt/gitea/data/gitea:/data/gitea
      - /mnt/gitea/data/repositories:/data/git/repositories
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2443:22"
    depends_on:
      - db
  db:
    image: mysql:8
    restart: always
    container_name: gitea-db
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${DB_USER}
      - MYSQL_PASSWORD=${DB_PASSWORD}
      - MYSQL_DATABASE=${DB_NAME}
    volumes:
      - ./mysql:/var/lib/mysql
  runner:
    image: gitea/act_runner:0.2.12
    container_name: gitea-runner
    environment:
      CONFIG_FILE: /config.yaml
      GITEA_INSTANCE_URL: "https://my.domain.com"
      GITEA_RUNNER_REGISTRATION_TOKEN: "${RUNNER_TOKEN}"
      GITEA_RUNNER_NAME: "${RUNNER_NAME}"
      GITEA_RUNNER_LABELS: "${RUNNER_LABELS}"
    restart: always
    volumes:
      - ./config.yaml:/config.yaml
      - /mnt/gitea/runner/data:/data
      - /var/run/docker.sock:/var/run/docker.sock
  pages:
    image: ghcr.io/simongregorebner/gitea-pages:0.0.10
    container_name: gitea-pages
    restart: always
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "8080:8080/tcp"
Gitea's app.ini from environment variables
Only the emails, domain name, and https have been changed.
I hope I have provided all the necessary information. Thank you for your feedback.
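
Added example, not part of the original post and not Gitea or act_runner code: a short Python triage of the job log above that pairs the failed pull with the runner label it came from and shows that the pull was sent with an empty `username=` to a registry that answered `unauthorized`. The function names are hypothetical; the log lines and labels are copied from the post.

```python
import re

# Job log lines and runner labels copied from the post (emoji prefixes dropped).
LOG = """\
docker pull image=my.domain.com/repo/docker-images:ubuntu-20.04-act platform= username= forcePull=true
pulling image 'my.domain.com/repo/docker-images:ubuntu-20.04-act' ()
Error response from daemon: unauthorized: reqPackageAccess
"""
LABELS = [
    "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest",
    "ubuntu-latest-slim:docker://node:20-bookworm-slim",
    "ubuntu-20.04-act:docker://my.domain.com/repo/docker-images:ubuntu-20.04-act",
]

PULL_RE = re.compile(r"docker pull image=(?P<image>\S+) platform=\S* username=(?P<user>\S*) forcePull=")
DENIED_RE = re.compile(r"Error response from daemon: (?:unauthorized|denied)\b.*")

def registry_host(image):
    """Registry host of an image reference: the first path component counts as a
    host only if it contains '.' or ':' or is 'localhost'; otherwise Docker Hub."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def label_images(labels):
    """Map each 'name:docker://image' runner label to its image reference."""
    pairs = (label.partition(":docker://") for label in labels)
    return {name: image for name, sep, image in pairs if sep}

def failed_pulls(log, labels):
    """Pair each pull attempt with an auth error that follows it in the log."""
    by_image = {image: name for name, image in label_images(labels).items()}
    findings, pending = [], None
    for line in log.splitlines():
        pull = PULL_RE.search(line)
        denied = DENIED_RE.search(line)
        if pull:
            pending = pull.groupdict()
        elif denied and pending:
            findings.append({
                "label": by_image.get(pending["image"]),
                "registry": registry_host(pending["image"]),
                "username": pending["user"] or None,  # None: pull sent no username
                "error": denied.group(0),
            })
            pending = None
    return findings
```

Calling `failed_pulls(LOG, LABELS)` returns one finding per rejected pull, which makes it easy to see which labels point at a registry that requires credentials the pull did not carry.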